Skip to content

Added documentation about pulling images from private registry's #176

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 5 commits into from
Apr 3, 2025
Merged

Added documentation about pulling images from private registry's #176

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
5 commits
Select commit Hold shift + click to select a range
8786b7f
Added docs on pulling images from private registrys.
BStarmerSmith Apr 2, 2025
c1753bb
Added additional README after viewing CUS ticket.
BStarmerSmith Apr 2, 2025
16efafa
typos
Stu-conduktor Apr 2, 2025
d1f691a
Adjusted to Quentins suggestions (reverting ToC, making it generic no…
BStarmerSmith Apr 2, 2025
9c80969
Pulled Stuarts changes
BStarmerSmith Apr 2, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
66 changes: 65 additions & 1 deletion charts/console/README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -54,6 +54,7 @@ Helm Chart to deploy Conduktor Console on Kubernetes.
- [Provide the license as a Kubernetes Secret](#provide-the-license-as-a-kubernetes-secret)
- [Provide credentials configuration as a Kubernetes Secret](#provide-credentials-configuration-as-a-kubernetes-secret)
- [Provide monitoring configuration as a Kubernetes Secret](#provide-monitoring-configuration-as-a-kubernetes-secret)
- [Pulling from private registry using `global.imagePullSecrets`](#pulling-from-private-registry-using-globalimagepullsecrets)
- [Store platform data into a Persistent Volume](#store-platform-data-into-a-persistent-volume)
- [Install with a PodAffinity](#install-with-a-podaffinity)
- [Provide console configuration as a Kubernetes ConfigMap](#provide-console-configuration-as-a-kubernetes-configmap)
Expand Down Expand Up @@ -400,7 +401,6 @@ console, we recommend you to look at our

### Kubernetes configuration


- [Install with an enterprise license](#install-with-an-enterprise-license)
- [Install with a basic SSO configuration](#install-with-a-basic-sso-configuration)
- [Install with a Kafka cluster](#install-with-a-kafka-cluster)
Expand All @@ -409,6 +409,7 @@ console, we recommend you to look at our
- [Provide the license as a Kubernetes Secret](#provide-the-license-as-a-kubernetes-secret)
- [Provide credentials configuration as a Kubernetes Secret](#provide-credentials-configuration-as-a-kubernetes-secret)
- [Provide monitoring configuration as a Kubernetes Secret](#provide-monitoring-configuration-as-a-kubernetes-secret)
- [Pulling from private registry using `global.imagePullSecrets`](#pulling-from-private-registry-using-globalimagepullsecrets)
- [Store platform data into a Persistent Volume](#store-platform-data-into-a-persistent-volume)
- [Install with a PodAffinity](#install-with-a-podaffinity)
- [Provide console configuration as a Kubernetes ConfigMap](#provide-console-configuration-as-a-kubernetes-configmap)
Expand Down Expand Up @@ -655,6 +656,69 @@ data:
CDK_MONITORING_STORAGE_S3_SECRETACCESSKEY: <your_s3_secret_access_key>
```


### Pulling from private registry using `global.imagePullSecrets`

The method of setting up your private registry will work with the following registries:
- Artifactory
- Harbor
- Nexus
- GitHub Container Registry (GHCR)
- Google Container Registry (GCR)

**This method WILL NOT work for AWS Elastic Container Registry (ECR) due to it requiring an authentication token that expires every 12 hours**

To use the parameter `global.imagePullSecrets` you need to create a secret with the name you want to use in the parameter. To find out more [see offical documentation](https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/).

We need to ensure this secret is of type `docker-registry` and contains the following keys:
```bash
kubectl create secret docker-registry <SECRET_NAME> \
--docker-server=<DOCKER_REGISTRY_SERVER> \
--docker-username=<DOCKER_USERNAME> \
--docker-password=<DOCKER_PASSWORD> \
--docker-email=<DOCKER_EMAIL>
```

Then in your `values.yaml` file, you can set the `global.imagePullSecrets` parameter to the name of the secret you created, you will also need to modify the `global.imageRegistry` parameters to use the same registry as the secret you created.

The below example shows how to set the `global.imagePullSecrets` parameter and the `global.imageRegistry` parameters to use a private registry:
```yaml
global:
imageRegistry: regsitry.company.io
imagePullSecrets:
- docker-regsitry-secret

platform:
image:
repository: conduktor/conduktor-console
tag: nightly

platformCortex:
image:
repository: conduktor/conduktor-console-cortex
tag: nightly
```

You can also specify the `global.imagePullSecrets` and `global.imageRegistry` parameters in the `platform` and `platformCortex` sections if you want to use different secrets and registries for each of them.

```yaml
platform:
image:
registry: regsitry.company.io
repository: conduktor/conduktor-console
tag: nightly
pullSecrets:
- docker-regsitry-secret

platformCortex:
image:
registry: regsitry.company.io
repository: conduktor/conduktor-console-cortex
tag: nightly
pullSecrets:
- docker-regsitry-secret-cortex
```

### Store platform data into a Persistent Volume

```yaml
Expand Down
38 changes: 38 additions & 0 deletions charts/gateway/README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -315,6 +315,44 @@ gateway:
secretKey: "<256bits long string>" # if empty, a random key will be generated
```


#### Pulling from private registry using `global.imagePullSecrets`

The method of setting up your private registry will work with the following registries:
- Artifactory
- Harbor
- Nexus
- GitHub Container Registry (GHCR)
- Google Container Registry (GCR)

**This method WILL NOT work for AWS Elastic Container Registry (ECR) due to it requiring an authentication token that expires every 12 hours**

To use the parameter `global.imagePullSecrets` you need to create a secret with the name you want to use in the parameter. To find out more [see offical documentation](https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/).

We need to ensure this secret is of type `docker-registry` and contains the following keys:
```bash
kubectl create secret docker-registry <SECRET_NAME> \
--docker-server=<DOCKER_REGISTRY_SERVER> \
--docker-username=<DOCKER_USERNAME> \
--docker-password=<DOCKER_PASSWORD> \
--docker-email=<DOCKER_EMAIL>
```

Then in your `values.yaml` file, you can set the `global.imagePullSecrets` parameter to the name of the secret you created, you will also need to modify the `gateway.image` parameters to use the same registry as the secret you created.

The below example shows how to set the `global.imagePullSecrets` parameter and the `gateway.image` parameters to use a private registry:
```yaml
global:
imagePullSecrets:
- name: docker-regsitry-secret

gateway:
image:
registry: regsitry.company.io
repository: conduktor/conduktor-gateway
tag: nightly
```

### Ingress configuration examples

#### Nginx Ingress without TLS
Expand Down